Sr. Penetration Tester--Red Team Cme Group
Chicago, IL

Job Description

Description

CME Group is the world's leading and most diverse derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career shaping tomorrow. We invest in your success and you own it, all while working alongside a team of leading experts who inspire you in ways big and small. Joining our company gives you the opportunity to make a difference in global financial markets every day, whether you work on our industry-leading technology and risk management services, our benchmark products or in a corporate services area that helps us serve our customers better. We're small enough for you and your contributions to be known. But big enough for your ideas to make an impact. The pace is dynamic, the work is unlike any other firm in the business, and the possibilities are endless. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

To learn more about what a career at CME Group can offer you, visit us at www.wherefuturesaremade.com .

This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. The Sr. Cyber Security Engineer- Threat Simulation will be a vital member of the Cyber Threat Simulation Team. This role will be responsible for participating in the execution of network penetration testing of internal and internet facing information systems infrastructure. In addition, the role will require participation in red team activities to identify misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data.

Position Responsibilities

* Conduct network penetration testing by utilizing best business practice tools including industry standard network scanning and offensive tool kits.
* Perform regular red team exercises, including developing methodology for carrying out simulated adversary attacks to expose and identify vulnerabilities in the people, process, and technology defense system.
* Perform cyber security assessments using both penetration testing capability as well as reviewing cyber security policies and procedures.
* Participate in red team initiatives which involve intelligence driven attack simulations that are designed to verify cyber defense controls and the ability of the cyber defense teams to identify and contain malicious activity.
* Participate in findings & observation reporting while using the appropriate rating on the CVSS scale to classify severity and prioritize remediation.
* Assist cyber defense teams with critical security incident investigations.
* Interface with other information security departments, as well as, other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
* Liaise with third party cyber security vendors engaged with CME to conduct objective assessments such as external penetration assessments, internal penetration assessments and indicators of compromise scanning.
* Stay up to date on evolving tactics, techniques and procedures utilized by malicious actors that may attack organizations with mature cyber defensive capabilities.

Position Requirements

* A minimum of 7+ years' experience with penetration testing and/or red teaming operations.
* Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
* Must have excellent written and oral communication skills.
* Must have experience with documenting cyber security assessment reports.
* Expert knowledge of CVSS v3.0 rating and can accurately assess vulnerabilities based on the principal characteristics of a vulnerability.
* Expert knowledgeable in Windows and Linux System hardening concepts and techniques.
* Ability to translate highly technical material/knowledge to non-technical personnel.
* Knowledgeable in Industry Security standards (ie: ISO27002, NIST Cyber Security Framework, etc..).
* Strongly preferred Certifications: OSCP
* Preferred Certifications: OSCE, GPEN, GXPN, CRT

For EU Residents, the Candidate Privacy Policy can be found here.